CVE-2026-25776
Six Apart · Movable Type
Six Apart Movable Type contains a code injection vulnerability that allows an authenticated attacker to execute arbitrary Perl scripts on the server.
Executive summary
A critical code injection vulnerability in Movable Type allows attackers to execute arbitrary Perl scripts, resulting in full system compromise.
Vulnerability
This is a code injection vulnerability. Although the description implies that some interaction is needed (it names an authenticated attacker), the nature of the flaw allows an attacker who gains access to the application's processing functions to execute arbitrary Perl scripts on the server.
Business impact
With a CVSS score of 9.8, this vulnerability is extremely dangerous. Successful exploitation grants the attacker the ability to execute code with the permissions of the web server, potentially allowing them to compromise the entire underlying web hosting environment and sensitive databases.
Remediation
Immediate Action: Update Movable Type to the latest patched version provided by Six Apart.
Proactive Monitoring: Monitor for unusual Perl script execution or unexpected changes to the web directory structure.
Compensating Controls: Use a Web Application Firewall (WAF) with rules designed to detect and block common code injection patterns and malicious Perl syntax.
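As an added illustration of the "unexpected changes to the web directory structure" check above (this is example code written for this page, not code from Six Apart or from Movable Type), the following Python script builds a SHA-256 manifest of a web directory, compares a later snapshot against it, and separately flags any added or modified files with Perl extensions (.pl, .cgi, .pm), since a dropped or altered Perl file is the artifact this advisory says to watch for. The directory layout, file names and file contents in demo() are constructed for the example; in real use, build_manifest() would be run against the actual Movable Type install path and the baseline stored off-host.

```python
"""Baseline-and-diff integrity check for a Movable Type web directory.

Builds a SHA-256 manifest of every regular file under a directory, then
compares a later snapshot against it and reports files that were added,
removed or modified. Added or modified files with Perl-related extensions
are listed separately, because an injected .pl/.cgi/.pm file is the change
the advisory's monitoring guidance is about.
"""
import hashlib
import os
import tempfile

# Extensions treated as Perl code for the purposes of the separate flag.
PERL_EXTENSIONS = (".pl", ".cgi", ".pm")


def hash_file(path):
    """SHA-256 of a file's contents, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Return {relative_path: sha256} for every regular file under root.
    Paths are normalised to forward slashes so manifests compare cleanly."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = hash_file(full)
    return manifest


def diff_manifests(baseline, current):
    """Compare two manifests. Returns sorted lists of added, removed and
    modified paths, plus the subset of added/modified paths that look like
    Perl code (the ones worth paging someone about)."""
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    modified = sorted(p for p in current
                      if p in baseline and current[p] != baseline[p])
    perl_changes = sorted(p for p in added + modified
                          if p.lower().endswith(PERL_EXTENSIONS))
    return {"added": added, "removed": removed,
            "modified": modified, "perl_changes": perl_changes}


def demo():
    """Constructed scenario (not a real install): baseline a mock web
    directory, then simulate a new CGI file appearing and a stylesheet
    being edited, and return the resulting diff."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "mt-static"))
        with open(os.path.join(root, "mt.cgi"), "w") as fh:
            fh.write("#!/usr/bin/perl\n# placeholder entry point (constructed)\n")
        with open(os.path.join(root, "mt-static", "site.css"), "w") as fh:
            fh.write("body {}\n")
        baseline = build_manifest(root)

        # Simulated post-baseline changes: unexpected CGI dropped, CSS edited.
        with open(os.path.join(root, "mt-static", "x.cgi"), "w") as fh:
            fh.write("#!/usr/bin/perl\n# unexpected file (constructed)\n")
        with open(os.path.join(root, "mt-static", "site.css"), "a") as fh:
            fh.write("/* tampered */\n")
        return diff_manifests(baseline, build_manifest(root))


if __name__ == "__main__":
    result = demo()
    for key, paths in result.items():
        print(f"{key}: {paths}")
```

In practice the baseline manifest should be taken immediately after applying the vendor patch and stored somewhere the web server account cannot write, and the comparison run on a schedule; any entry in perl_changes that does not correspond to a known deployment is the signal to investigate.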
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
Given the critical CVSS rating, immediate patching is required. Organizations should ensure their Movable Type deployments are updated to the latest secure version to prevent unauthorized command execution and potential data breaches.